Lucene search
K

1889 matches found

RedHat Linux
RedHat Linux
added 2022/07/14 12:56 p.m.2 views

spring-expression: Denial of service via specially crafted SpEL expression

A flaw was found in the Spring Framework. This flaw allows an attacker to craft a special Spring Expression, causing a denial of service...

6.5CVSS7.1AI score0.35834EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/13 2:41 a.m.38 views

Security Bulletin: Watson Machine Learning Accelerator is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22971)

Summary Watson Machine Learning Accelerator is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22971 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast t...

6.5CVSS2.5AI score0.02931EPSS
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2022/07/11 8:59 p.m.48 views

Temporary Directory Hijacking to Local Privilege Escalation Vulnerability in org.springframework.boot:spring-boot

spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. The vulnerable method is used to create a work directory for embedd...

7.8CVSS0.5AI score0.00583EPSS
Exploits1References4Affected Software1
RedHat Linux
RedHat Linux
added 2022/07/07 2:19 p.m.3 views

springframework: DoS via data binding to multipartFile or servlet part

A flaw was found in Spring Framework. Applications that handle file uploads are vulnerable to a denial of service DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object...

5.3CVSS7.1AI score0.01853EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2022/07/07 2:19 p.m.3 views

springframework: Authorization Bypass in RegexRequestMatcher

A flaw was found in Spring Security. When using RegexRequestMatcher, an easy misconfiguration can bypass some servlet containers. Applications using RegexRequestMatcher with . in the regular expression are possibly vulnerable to an authorization bypass...

9.8CVSS7.3AI score0.10037EPSS
Exploits6References5
RedHat Linux
RedHat Linux
added 2022/07/07 2:19 p.m.1 views

springframework: BCrypt skips salt rounds for work factor of 31

A flaw was found in Spring Framework. The encoder does not perform any salt rounds when using the BCrypt class with the maximum work factor 31 due to an integer overflow error...

5.3CVSS7.4AI score0.02139EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/07/07 2:19 p.m.2 views

springframework: Additional Log Injection in Spring Framework (follow-up to CVE-2021-22096)

In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more...

4.3CVSS6.8AI score0.00855EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/07/07 2:19 p.m.5 views

springframework: malicious input leads to insertion of additional log entries

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries...

4.3CVSS6.8AI score0.01268EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/07/07 2:19 p.m.2 views

Framework: Data Binding Rules Vulnerability

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the fiel...

5.3CVSS6.7AI score0.05666EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2022/07/07 2:19 p.m.2 views

spring-expression: Denial of service via specially crafted SpEL expression

A flaw was found in the Spring Framework. This flaw allows an attacker to craft a special Spring Expression, causing a denial of service...

6.5CVSS7.1AI score0.35834EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/07/07 2:19 p.m.1 views

springframework: DoS with STOMP over WebSocket

A flaw was found in Spring Framework Applications. Applications that use STOMP over the WebSocket endpoint are vulnerable to a denial of service attack caused by an authenticated user...

6.5CVSS7.3AI score0.02931EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/05 2:0 p.m.33 views

Security Bulletin: IBM Tivoli Netcool Impact is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

Summary IBM Tivoli Netcool Impact is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965.Spring is shipped as part of ActiveMQ package but is not used by the product. The fix removes Spring from the product. Vulnerability Details CVEID:...

9.8CVSS1.3AI score0.99677EPSS
Exploits100Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/29 2:18 a.m.45 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Spring Framework

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Spring Framework. Vulnerability Details CVEID: CVE-2022-22971 DESCRIPTION: Vmware Tanzu Spring Framework is vulnerable to a denial of service, caused by a flaw with a STOMP over WebSocket endpoint. By sending...

6.5CVSS1.1AI score0.05666EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/24 5:34 p.m.212 views

Security Bulletin: IBM QRadar SIEM is affected by a remote code execution in Spring Framework (CVE-2022-22963, CVE-2022-22965, CVE-2022-22950)

Summary IBM QRadar SIEM is affected but not vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a Spring Boot executable jar, 4...

9.8CVSS1.1AI score0.99939EPSS
Exploits131Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/20 3:16 a.m.50 views

Security Bulletin: IBM Spectrum Symphony is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

Summary IBM Spectrum Symphony is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a Spring Boo...

9.8CVSS1.6AI score0.99677EPSS
Exploits100Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/20 2:10 a.m.91 views

Security Bulletin: IBM Spectrum Conductor is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

Summary IBM Spectrum Conductor is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a Spring Bo...

9.8CVSS1.7AI score0.99677EPSS
Exploits100Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/17 6:30 p.m.134 views

Security Bulletin: Vulnerability in Spring Framework affects IBM Watson Explorer (CVE-2022-22971, CVE-2022-22968, CVE-2022-22970)

Summary Spring Framework is used by IBM Watson Explorer Foundational and Analytical Components. IBM Watson Explorer has addressed the applicable CVE CVE-2022-22971, CVE-2022-22968, CVE-2022-22970. Vulnerability Details CVEID: CVE-2022-22971 DESCRIPTION: Vmware Tanzu Spring Framework is vulnerable...

6.5CVSS1AI score0.05666EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/16 5:10 p.m.57 views

Security Bulletin: Rational Test Control Panel component in Rational Test Virtualization Server and Rational Test Workbench is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

Summary Rational Test Control Panel is affected but not vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a Spring Boot...

9.8CVSS1.2AI score0.99677EPSS
Exploits100Affected Software2
RedHat Linux
RedHat Linux
added 2022/06/16 2:52 p.m.4 views

Framework: Data Binding Rules Vulnerability

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the fiel...

5.3CVSS6.7AI score0.05666EPSS
Exploits2References5
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/10 5:17 a.m.53 views

Security Bulletin: Due to use of Spring Framework, IBM Db2 Web Query for i is vulnerable to unprotected fields (CVE-2022-22968), remote code execution (CVE-2022-22965), and denial of service (CVE-2022-22950).

Summary There are multiple vulnerabilities in Spring Framework CVE-2022-22968, CVE-2022-22965, and CVE-2022-22950 as described in the vulnerability details section. Spring Framework v5.3.8 is used by Db2 Web Query for i for infrastructure support. IBM has addressed the vulnerabilities in Db2 Web...

9.8CVSS9.4AI score0.99677EPSS
Exploits102Affected Software6
Rows per page
Query Builder